I am looking to put a touchscreen laptop (running Windows 8) into a store that the public will be able to access. I want them to only have access to one website that I set. I do not want the domain shown but the program must have access to the internet (they will be able to make purchases from this in store computer via my site). How do I go about locking down the computer and browser to access only this one program/site?

Note: I am open to any browser as long as it will full access to the site. The laptop will be connected via WiFi to the internet.

You want to set up a site specific browser. Chrome allows this - through create application shortcuts (see image below) but there may be other options. I'm not sure if the links chrome generates can be fed right into the next part of this process. Might also want to test this kiosk mode spinoff of firefox

You will want to set up kiosk mode. To do this, you'll need the group policy editor, accessible via running gpedit.msc. I used the instructions here as a base. go to Configuration -> Administrative Templates -> System, and open the Custom User Interface option.

You will need to supply the complete path to the site specific browser

There's one way I can think of which wouldn't require any additional expenditure, but it's a bit of a hack and not exactly foolproof...

Basically you could give your laptop a static IP address. Make sure it is in the same IP subnet as your router, but outside of the range of the router's DHCP scope. For example if your router gives out IP addresses in the range 192.168.1.100-150, you could statically assign 192.168.1.50-59 for your laptop. Obviously the default gateway will be the IP address of your router.

When you assign the IP address, do not enter any values into the DNS Server fields. Without DNS the laptop will be unable to resolve websites to IP addresses and therefore your clients will be unable to surf the internet.

If you want your machine to be able to access only one website (as you indicate), then you could add that website to the local hosts file on the PC (found in C:\windows\system32\drivers\etc\hosts on - open this in Notepad and append the website and corresponding IP address into the file). The laptop would then be able to resolve the web address for this one site, and browse it accordingly while still being "blocked" from the rest of the Internet.

If you then want your laptop to be able to fully access the Internet, all you have to do is to enter the correct IP values for your DNS servers into their TCP/IP settings.

Obviously a technically savvy customer could add their own entries into the hosts file, so the solution is far from perfect.

All in all it would probably be better to splash out some money on a router with a more flexible firewall set, but if you're looking for a cheap fix, the above might help.

Another way to do this, is using Group Policy. Just set the PC to use a fake proxy server (I used 127.0.0.1) then list the site you want to allow under exceptions.
That should work as long as users don't use another web browser besides Internet Explorer.

If the store it's in is also the same store that the server is hosted in, disable internet access to the wifi (this will depend on the router in use), set up an internal route to the local server, and then they can only get what's on the LAN.

If the laptop is not in the same location as the router, then you'll have to seperate the laptop/wireless from the rest of the network, restrict all access to the outside world, and just allow your site (again, this depends on the router you are using).

Check for something like a whitelist/blacklist in your router management console.

Hard-code a bogus dns server, so that normal internet access fails, but put a static entry in the hosts table for your domain. The downside here is that this breaks down if you want to use a cdn or any cloud services when building your app.